II. AMENDMENTS TO THE CLAIMS 

Please amend the claims as follows: 

1 . (Currently Amended) A fraud detection system for detecting fraudulent fransactions, 
comprising: 

an interface for inputting fransaction data and outputting analysis results; and 

a tamper-resistant secure data processing unit (SDPU), wherein the SDPU includes: 

a security system that can restrict access to data and program execution; 

an analysis system for analyzing inputted fransactions; 

a plurality of surveillance algorithms stored in an encrypted database wherein the 
plurality of surveillance algorithms make a determination regarding a probability that 
inputted fransactions are fraudulent; and 

a selection program for selecting at each of a sequence of random times a 
different surveillance algorithm to be used by the analysis system. 

2. (Currently Amended) The fraud detection system of claim 1, wherein the SDPU fiirther 
includes an algorithm performance system that assists the selection program in selecting 
surveillance algorithms. 

3. (Currently Amended) The fraud detection system of claim 1, wherein the selection program 
includes a random selection program for selecting surveillance algorithms. 

4. (Canceled) 
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5. (Currently Amended) The fraud detection system of claim 1, wherein the sec\irity system 
includes an encryption system for encrypting and decrypting data. 

6. (Previously Presented) A method for detecting fraudulent fransactions, comprising: 

providing an interface for inputting fransaction data and receiving analysis results; 

providing a secure data processing unit (SDPU) that provides a secret and tamper- 
resistant computing environment, wherein the SDPU can restrict access to data and program 
execution; 

providing a plurality of surveillance algorithms stored in an encrypted database; 
analyzing inputted fransactions for fraud with a surveillance algorithm within the SDPU; 

and 

selecting a different surveillance algorithm from the plurality of surveillance algorithms 
for analyzing fiiture inputted fransactions. 

7. (Original) The method of claim 6, wherein the step of selecting a different surveillance 
algorithm utilizes a random selection process. 

8. (Original) The method of claim 7, comprising the fiirther steps of 

measuring algorithm performance; and 

using the measured performance in selecting surveillance algorithms. 

9. (Previously Presented) The method of claim 8, comprising the fiirther steps of: 
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measuring a randomness of the algorithm selection process using a technique selected 
from the group consisting of correlation and entropy measures; and 

issuing an alert if the randomness goes under a predetermined threshold. 

10. (Currently Amended) The method of claim 6, wherein the SDPU prevents observation by an 
outside observer of which surveillance algorithm is selected. 

1 1 . (Original) The method of claim 6, including the further step of decrypting the selected 
surveillance algorithm. 

12. (Withdrawn) A confederated fraud detection system, comprising: 

an interface for inputting transaction data; and 

a secure data processing unit (SDPU) that provides a secret and tamper-proof computing 
environment, wherein the SDPU includes: 

a security system that can restrict access to data and program execution; 

a consolidated database for storing encrypted data from a plurality of members; 
a consolidation system for securely importing encrypted data from each of the 
plurality of members; and 

at least one data analysis tool for analyzing the consolidated database. 

13. (Withdrawn) The confederated fraud detection system of claim 12, further comprising a set 
of data access rules that determines access criteria to data stored in the consolidated database. 
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14. (Withdrawn) The confederated fraud detection system of claim 12, further comprising a 
secure data communication channel through which data traffic can remain secret. 

15. (Withdrawn) The confederated fraud detection system of claim 12, ftirther comprising an 
encryption system for decrypting imported data, wherein the encryption system includes a 
system for protecting encryption keys. 

16. (Withdrawn) The confederated fraud detection system of claim 12, further comprising an 
analysis system for analyzing inputted transactions, wherein the interface allows for securely 
inputting transaction data to be analyzed and for securely outputting analysis results. 

17. (Withdrawn) The confederated fraud detection system of claim 16, wherein the analysis 
system utilizes a probabilistic sampling method wherein an acceptance probability is 
proportional to a measure of fraud cost of the analyzed transaction. 

18. (Withdrawn) The confederated fraud detection system of claim 17, wherein the data set 
needed to implement the probabilistic sampling method is small enough to fit in a memory space 
of a secure processor. 

19. (Withdrawn) The confederated fraud detection system of claim 12, wherein the at least one 
data analysis tool includes a system for building models. 
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20. (Withdrawn) The confederated fraud detection system of claim 12, further comprising a 
battery of secure processors capable of providing a set of fiinctions that are deemed to require 
high security, high confidentiality, or high privacy. 

21 . (Withdrawn) A method for implementing a fi-aud detection service, comprising: 

providing a member based fi'aud detection service; 

securely transferring data to a confederated fraud detection system from a member such 
that the data is maintained as confidential; 

storing the data in an encrypted form in a consolidated database along with data from 
other members; 

using the data in the consolidated database to facilitate fraud detection; and 
performing fraud detection on at least one transaction in a secure manner that is 
confidential with regard to the other members. 

22. (Withdrawn) The method of claim 21, wherein the data is transferred to the fraud detection 
service in an encrypted form. 

23. (Withdrawn) The method of claim 22, wherein the data transferred to the fraud detection 
service is decrypted by the fraud detection service, verified for accuracy, and approved for 
storage. 
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24. (Withdrawn) The method of claim 21, wherein each member has the option of allowing their 
data to be used in conjunction with data from other members for a purpose selected from the 
group consisting of: constructing a model and performing fraud detection. 

25. (Withdrawn) The method of claim 21, fiirther comprising providing a secret surveillance 
service to the members, wherein the service includes: 

providing a model comprising a library of surveillance programs; and 
running different surveillance programs at different times so that an outside party cannot 
detect which surveillance program is running. 

26. (Withdrawn) The method of claim 21, fiirther comprising providing a data processing 
service to the members, wherein the service includes: 

providing data consolidation services; 
providing model construction services; and 
providing transaction analysis services. 

27. (Withdrawn) The method of claim 21, wherein the confederated fraud detection system 
comprises a data management system that is programmable, tamper resistant, tamper sensitive, 
tamper reactive and tamper evident. 

28. (Withdrawn) The method of claim 21, comprising the fiirther step of causing random data to 
be received by the fraud detection service in order to ensure that secrecy is not lost to a third 
party observing fraffic to the fraud detection service. 



10/690,778 



7 



29. (Withdrawn) The method of claim 21, wherein an iterative selective sampling method for 
selecting subsets of analysis data is employed by the fraud detection service in performing fraud 
detection so that the analysis data used in each iteration of fraud detection is small enough to be 
stored in the memory of a secure processor. 

30. (Withdrawn) The method of claim 29, wherein the iterative selective sampling method 
includes a probabilistic sampling method with acceptance probability proportionate to a measure 
of fraud cost of each fransaction record. 

3 1 . (Withdrawn) The method of claim 2 1 , wherein the fraud detection service includes a system 
for reconstructing activity networks among participating members to identify suspicious pattems. 

32. (Withdrawn) The method of claim 21, wherein confidentiality of the data is confroUed by 
rules established within a rules engine. 

33. (Withdrawn) The method of claim 21, wherein the fraud detection service includes audit 
capabilities for replicating analysis activities performed by the fraud detection service. 

34. (Withdrawn) The method of claim 33, wherein the audit capabilities include a system for 
maintaining secrecy of which algorithms were used during the analysis activities. 

35. (Withdrawn) A distributed fraud detection system, comprising: 
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a plurality of secure data processing unit (SDPU) distributed among a set of members, 
wherein each SDPU provides a secret and tamper-proof computing environment for the member, 
and wherein the SDPU includes: 

a secure database for storing member data; 

a security system that can restrict access to member data; and 

a secure communication system for securely transferring member data to and from each 
of the plurality of members in a secure and confidential manner. 

36. (Withdrawn) The distributed fraud detection system of claim 35, wherein at least one of the 
SDPUs includes a data analysis tool for analyzing data distributed among the members in order 
to build a model for detecting fraud. 

37. (Withdrawn) The distributed fraud detection system of claim 35, wherein at least one of the 
SDPUs includes a fransaction analysis tool for analyzing an inputted fransaction for fraud by 
collecting data distributed among the members. 
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